Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 13 Jan 2017 15:04:47 +0100
From: Tomas Hoger <thoger@...hat.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com, hanno@...eck.de
Subject: Re: Re: Fuzzing jasper

On Sat, 22 Oct 2016 21:00:23 -0400 (EDT) cve-assign@...re.org wrote:

> > https://github.com/mdadams/jasper/issues/28
> > Heap overflow in jpc_dec_cp_setfromcox()  
> 
> > AddressSanitizer: heap-buffer-overflow
> > WRITE of size 1  
> 
> > malformed jpeg2000 file  
> 
> > jpc_dec_cp_setfromcox ... libjasper/jpc/jpc_dec.c:1668:32  
> 
> Use CVE-2016-8880.
> 
> 
> > https://github.com/mdadams/jasper/issues/29
> > Heap overflow in jpc_getuint16()  
> 
> > AddressSanitizer: heap-buffer-overflow
> > WRITE of size 8  
> 
> > jpc_getuint16 ... libjasper/jpc/jpc_cs.c:1572:8  
> 
> Use CVE-2016-8881.

Can the above two CVEs be rejected as duplicates of CVE-2011-4516 and
CVE-2011-4517 respectively?

https://github.com/mdadams/jasper/issues/28#issuecomment-267053875
https://github.com/mdadams/jasper/issues/29#issuecomment-267322934

Thank you!

-- 
Tomas Hoger / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ